Welcome to “Ask Deb from QA,” an advice column from MxD.
Deb from QA — with decades of experience on the factory floor — will answer your questions to demystify and explain the digital manufacturing industry.
Please submit your questions to debfromqa@mxdusa.org
What is process manufacturing and how do you keep it secure?
I sure have been getting a lot of questions about manufacturing cybersecurity lately, and that’s good news. It shows folks are paying attention to the risk manufacturers of all stripes face from cybercriminals. And it’s a big risk.
Last year, a cyberattack occurred every 39 seconds. That’s what Danny Lopez, who is the CEO of cybersecurity company Glasswall, told Industry Week. And manufacturing was the second most-attacked industry, according to last year’s IBM X-Force Threat Intelligence Index. That sure got my attention.
Anyway, since you asked, let’s focus on process manufacturing, which is the branch of manufacturing that creates things by combining things. Just like I do when whipping up my signature prickly pear margaritas, process manufacturers follow a recipe or formula and rely on ingredients that they blend, mix, or transform.
Think refined oil or pharmaceuticals or a couple of my favorite things: food and beer. This contrasts with the other big branch of manufacturing, discrete manufacturing, which is what cranks out things you can count, like cars, smartphones, and airplanes.
Discrete manufacturing usually involves an assembly line and goods are often made to order. Process manufacturing, on the other hand, is generally done continuously (like in a chemical plant) or in batches (like beer).
Process manufacturing’s unique traits are what make securing it such a pickle. For example:
- Once process manufacturing starts, you can’t, or don’t want to, stop. If my factory’s making smartphones, I can yank one without halting production. But I can’t unmake beer or pause to take out the hops. If something goes wrong, I lose the whole batch. And, in cases like a chemical plant, the tab is likely millions of dollars to stop work and undertake some ginormous cleaning operation.
- Process manufacturing machinery is often built to do one thing. Good quality equipment can last decades. That means my pumps, valves, and vats may predate the days of real-time quality monitoring and top-notch security — even though these 24/7 kinds of operations are exactly the environments that need real-time monitoring and top-notch security.
- There can be much more at risk with this type of manufacturing. If the wrong part gets put into a smartphone it’s not fatal. But if there’s a hack and the wrong chemicals get mixed up (what’s known as cross contamination), you may have to evacuate the neighborhood.
To deal with these challenges, most manufacturers build a security “moat” that aims to separate cybercriminals from the operational technology, or OT, that they are trying to attack. They construct sturdy firewalls. They segment the network so Process A is not allowed to talk with Process B. Those kinds of things.
If you want a visual example of how to apply cybersecurity within process manufacturing you are in luck. My friends over at MxD just updated their Virtual Tour, which includes the Cybersecurity Process Manufacturing Test Platform.
This platform builds off of the Cyber Wall (also featured on the virtual tour), which demonstrates how to identify and protect assets under the NIST Cybersecurity Framework. For this new addition to the tour, MxD digs into the remaining three framework segments: detect, respond, and recover.
The platform uses a nifty clean-water/wastewater demo with Industry 4.0 analytics that illustrates an Intrusion Detection System (IDS), action plans if a hack happens, and something called a Failure Modes and Effects Analysis (FMEA) to root out potential hacker targets and figure out vulnerabilities and worst-case scenarios.
Folks, the more digital we get, the bigger the attack surface gets. Those bad guys have more ways to wiggle in and steal our recipes, wreak havoc, or hold us up for ransom.
Remember, while you are busy thinking about production, the supply chain, and staffing for the third shift, the bad guys are thinking about only one thing: How to hurt us.
Get those moats built!
Want to test your factory’s cybersecurity and get feedback from a non-profit that’s not trying to sell you anything? Sign up for a free self-assessment via MxD’s Cyber Marketplace.
You’ll have the opportunity to do a free self-assessment and can take immediate action to fix your vulnerabilities with vetted cybersecurity tools. To get involved, visit mxdusa.org/marketplace.
Check out the last Ask Deb here:
A Scary Cybersecurity Story
Deb from QA wants to hear your questions. Send ’em to debfromqa@mxdusa.org and she’ll answer as soon as she’s done with her dinner.